Malicious
Classifications

Spyware Injector

Threat Names

AgentTesla.v3

Dynamic Analysis Report

Created on 2022-08-05T10:52:19+00:00

de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe

Windows Exe (x86-32)
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 222.41 KB
MD5 f8b75a887b9774203f7d77de434f40ea
SHA1 e19add1ef9b87ef54de6870b229cfbcaaeddb0fa
SHA256 de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3
SSDeep 6144:9ozPrnXx5dQkZdis9lWV8TSGjF/A/iepoUPNzHnt4V:9OPLhldis9YV8mGjF/8RpVVzHnt4V
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
PE Information
Image Base 0x00400000
Entry Point 0x004355AE
Size Of Code 0x00033600
Size Of Initialized Data 0x00001A00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-07-21 11:45 (UTC+2)
Version Information (11)
Comments
CompanyName
FileDescription ZZSSACVSDFDHDJJHDG335
FileVersion 1.0.0.0
InternalName ZZSSACVSDFDHDJJHDG335.exe
LegalCopyright Copyright © 2022
LegalTrademarks
OriginalFilename ZZSSACVSDFDHDJJHDG335.exe
ProductName ZZSSACVSDFDHDJJHDG335
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000335B4 0x00033600 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.82
.rsrc 0x00436000 0x0000176A 0x00001800 0x00033800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.49
.reloc 0x00438000 0x0000000C 0x00000200 0x00035000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x00035588 0x00033788 0x00000000
Digital Signature Information
Verification Status Failed
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA 2011
Country Name US
Valid From 2021-09-02 20:33 (UTC+2)
Valid Until 2022-09-01 20:33 (UTC+2)
Algorithm sha256_rsa
Serial Number 33 00 00 02 55 18 1D A4 2E E0 86 FC 15 00 00 00 00 02 55
Thumbprint C9 CA ED C2 CE CF 95 3E 81 2C 64 46 D4 19 27 B9 86 4B B8 80
Certificate: Microsoft Code Signing PCA 2011
Issued by Microsoft Code Signing PCA 2011
Country Name US
Valid From 2011-07-08 22:59 (UTC+2)
Valid Until 2026-07-08 23:09 (UTC+2)
Algorithm sha256_rsa
Serial Number 61 0E 90 D2 00 00 00 00 00 03
Thumbprint F2 52 E7 94 FE 43 8E 35 AC E6 E5 37 62 C0 A2 34 A2 C5 21 35
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe 1 0x00400000 0x00439FFF Relevant Image False 32-bit - False
buffer 1 0x00850000 0x00877FFF Reflectively Loaded .NET Assembly False 32-bit - False
de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe 1 0x00400000 0x00439FFF Process Termination False 32-bit - False